Published: 13/11/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

There is a possible DoS vulnerability in the multipart parser in Rack prior to 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rack project rack 2.0.5
rack project rack 2.0.4

Synopsis Moderate: Red Hat Satellite 6 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Satellite 66 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scor ...

Debian Bug report logs - #913003 ruby-rack: CVE-2018-16470: Possible DoS vulnerability in Rack Package: src:ruby-rack; Maintainer for src:ruby-rack is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 5 Nov 2018 20:27 ...

There is a possible DoS vulnerability in the multipart parser in Rack before 206 Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size ...

CWE-400 https://access.redhat.com/errata/RHSA-2019:3172 https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ https://access.redhat.com/errata/RHSA-2019:3172 https://nvd.nist.gov

CVE-2018-16470

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect